owncloud: sync with Fedora

remicollet · Jun 16, 2016 · ca9b001 · ca9b001
1 parent 54daa65
commit ca9b001
Show file tree

Hide file tree

Showing 2 changed files with 90 additions and 4 deletions.
diff --git a/owncloud/owncloud-9.0.2-core-23066-infinite-loop-share-link.patch b/owncloud/owncloud-9.0.2-core-23066-infinite-loop-share-link.patch
@@ -0,0 +1,79 @@
+diff --git a/apps/dav/lib/connector/publicauth.php b/apps/dav/lib/connector/publicauth.php
+index f069a21..36da649 100644
+--- a/apps/dav/lib/connector/publicauth.php
++++ b/apps/dav/lib/connector/publicauth.php
+@@ -89,7 +89,7 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
+ 					}
+ 					return true;
+ 				} else if (\OC::$server->getSession()->exists('public_link_authenticated')
+-					&& \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id']) {
++					&& \OC::$server->getSession()->get('public_link_authenticated') === (string)$linkItem['id']) {
+ 					return true;
+ 				} else {
+ 					return false;
+diff --git a/apps/files_sharing/lib/helper.php b/apps/files_sharing/lib/helper.php
+index e857974..3dfbf8f 100644
+--- a/apps/files_sharing/lib/helper.php
++++ b/apps/files_sharing/lib/helper.php
+@@ -131,7 +131,7 @@ class Helper {
+ 				$newHash = '';
+ 				if(\OC::$server->getHasher()->verify($password, $linkItem['share_with'], $newHash)) {
+ 					// Save item id in session for future requests
+-					\OC::$server->getSession()->set('public_link_authenticated', $linkItem['id']);
++					\OC::$server->getSession()->set('public_link_authenticated', (string)$linkItem['id']);
+
+ 					/**
+ 					 * FIXME: Migrate old hashes to new hash format
+@@ -161,7 +161,7 @@ class Helper {
+ 		else {
+ 			// not authenticated ?
+ 			if ( ! \OC::$server->getSession()->exists('public_link_authenticated')
+-				|| \OC::$server->getSession()->get('public_link_authenticated') !== $linkItem['id']) {
++				|| \OC::$server->getSession()->get('public_link_authenticated') !== (string)$linkItem['id']) {
+ 				return false;
+ 			}
+ 		}
+diff --git a/apps/gallery/middleware/envcheckmiddleware.php b/apps/gallery/middleware/envcheckmiddleware.php
+index 8364e52..086da2f 100644
+--- a/apps/gallery/middleware/envcheckmiddleware.php
++++ b/apps/gallery/middleware/envcheckmiddleware.php
+@@ -274,7 +274,7 @@ class EnvCheckMiddleware extends CheckMiddleware {
+ 		$newHash = '';
+ 		if ($this->hasher->verify($password, $linkItem['share_with'], $newHash)) {
+ 			// Save item id in session for future requests
+-			$this->session->set('public_link_authenticated', $linkItem['id']);
++			$this->session->set('public_link_authenticated', (string)$linkItem['id']);
+ 			// @codeCoverageIgnoreStart
+ 			if (!empty($newHash)) {
+ 				// For future use
+@@ -296,7 +296,7 @@ class EnvCheckMiddleware extends CheckMiddleware {
+ 	private function checkSession($linkItem) {
+ 		// Not authenticated ?
+ 		if (!$this->session->exists('public_link_authenticated')
+-			|| $this->session->get('public_link_authenticated') !== $linkItem['id']
++			|| $this->session->get('public_link_authenticated') !== (string)$linkItem['id']
+ 		) {
+ 			throw new CheckException("Missing password", Http::STATUS_UNAUTHORIZED);
+ 		}
+diff --git a/lib/private/share/share.php b/lib/private/share/share.php
+index 3dcfa14..fcd013c 100644
+--- a/lib/private/share/share.php
++++ b/lib/private/share/share.php
+@@ -2477,7 +2477,7 @@ class Share extends Constants {
+ 		}
+
+ 		if ( \OC::$server->getSession()->exists('public_link_authenticated')
+-			&& \OC::$server->getSession()->get('public_link_authenticated') === $linkItem['id'] ) {
++			&& \OC::$server->getSession()->get('public_link_authenticated') === (string)$linkItem['id'] ) {
+ 			return true;
+ 		}
+
+@@ -2767,7 +2767,7 @@ class Share extends Constants {
+
+ 	/**
+ 	 * @param IConfig $config
+-	 * @return bool 
++	 * @return bool
+ 	 */
+ 	public static function enforcePassword(IConfig $config) {
+ 		$enforcePassword = $config->getAppValue('core', 'shareapi_enforce_links_password', 'no');
diff --git a/owncloud/owncloud.spec b/owncloud/owncloud.spec
@@ -9,7 +9,7 @@
 #
 Name:           owncloud
 Version:        9.0.2
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Private file sync and share server
 Group:          Applications/Internet
 
@@ -64,11 +64,14 @@ Patch7:         %{name}-9.0.2-no_need_for_broken_updater_repair.patch
 # Disable the integrity checking whilst a better way to deal with it is found
 Patch8:         %{name}-9.0.2-default_integrity_check_disabled.patch
 
+# Backport patch from future 9.0.3 to handle broken shared link issue bz#1346233
+Patch9:         %{name}-9.0.2-core-23066-infinite-loop-share-link.patch
+
 # Need to work around an NSS issue in el7.2, due to be fix el7.3 bz#1241172
-Patch9:         %{name}-8.1.6-work-arround-nss-issue.patch
+Patch10:         %{name}-8.1.6-work-arround-nss-issue.patch
 
 # RH provide support for php54 so don't tell users it's EOL
-Patch10:         %{name}-8.2.3-dont_warn_php54_eol.patch
+Patch11:         %{name}-8.2.3-dont_warn_php54_eol.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch:      noarch
@@ -428,9 +431,10 @@ work with an SQLite 3 database stored on the local system.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
-%if 0%{?rhel}
 %patch9 -p1
+%if 0%{?rhel}
 %patch10 -p1
+%patch11 -p1
 %endif
 
 # patch backup files and .git stuff
@@ -742,6 +746,9 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Tue Jun 14 2016 James Hogarth <james.hogarth@gmail.com> - 9.0.2-4
+- Fix an infinite loop on a shared link with password and postgres bz#1346233
+
 * Wed Jun 01 2016 James Hogarth <james.hogarth@gmail.com> - 9.0.2-3
 - Place composer.json files in %%doc rather than remove them entirely